CVE-2015-8002

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.23.11 MediaWiki versions 1.24.x prior to 1.24.4 MediaWiki versions 1.25.x prior to 1.25.3

Description The issue allows remote authenticated users to cause a denial of service, specifically disk consumption, by uploading files in one byte chunks using the chunked upload API (ApiUpload).

Recommendations For MediaWiki versions prior to 1.23.11, update to version 1.23.11 or later. For MediaWiki versions 1.24.x prior to 1.24.4, update to version 1.24.4 or later. For MediaWiki versions 1.25.x prior to 1.25.3, update to version 1.25.3 or later.